FROM nxrm.aci.is.cl.ssa.gov:18443/ubi8/openjdk-17:1.19-1

MAINTAINER https://stash.ba.ssa.gov/scm/cit/ssa-openjdk-17-s2i.git

ENV AB_JOLOKIA_OFF=true \
    DESCRIPTION='This is the SSA version of the Red Hat s2i OpenJDK image.  There is NO CA APM monitoring in this version.' \
    DISPLAY_NAME='SSA OpenJDK Source To Image (S2I) - OpenJDK 17' \
    JAVA_APP_DIR='/deployments/'

LABEL gov.ssa.authoritative-source-url=registy.ba.ssa.gov \
      gov.ssa.distribution-scope=private \
      name=ssa-openjdk-17-s2i \
      io.k8s.display-name=$DISPLAY_NAME \
      description=$DESCRIPTION \
      io.k8s.description=$DESCRIPTION \
      io.openshift.tags="builder,java"

USER 0

RUN echo "Creating /opt/ssa directory" && \
    mkdir -p /opt/ssa/conf && \
    mkdir -p /opt/ssa/bin && \
    mkdir -p /opt/ssa/local/bin && \
    mkdir -p /opt/ssa/local/lib64 && \
    curl -k -o /tmp/treasury-ca-bundle.pem  https://nxrm.aci.is.cl.ssa.gov/repository/client-bins/ssa-trusted-ca/ssa-ca-complete.pem  && \
    cp /tmp/treasury-ca-bundle.pem /etc/pki/ca-trust/source/anchors/  && \
    cp /tmp/treasury-ca-bundle.pem /opt/ssa/conf/ && \
    rm /tmp/treasury-ca-bundle.pem   && \
    echo "COPYING certs and scripts files "

COPY bin/* /opt/ssa/bin/
COPY conf/* /opt/ssa/conf/

RUN echo "Setting permissions " && \
    chown -R root:root /opt/ssa && \
    chmod -R 0555 /opt/ssa  && \
    find /opt/ssa /etc/pki/ca-trust/source/anchors/ -type f -exec chmod 444 '{}' \; && \
    find /opt/ssa \( -type d -o -name "*.py" -o -name "*.sh" \) -exec chmod 555 '{}' \; && \
    # Leverage host subscription so microdnf works
    rm -Rf /etc/rhsm && \
    rm -Rf /etc/yum.repos.d/* && \
    ln -s /run/secrets/redhat.repo /etc/yum.repos.d/ && \
    ln -s /run/secrets/rhsm /etc/rhsm && \
    ln -s /run/secrets/etc-pki-entitlement /etc/pki/entitlement && \
    sed -r 's/^enabled(\s+)?=(\s+)?1/enabled = 0/' -i /etc/yum.repos.d/redhat.repo && \
	rpm -qa | sort >/before.txt && \
	microdnf install -y python3 && \
    rpm -qa | sort >/after.txt && \
    /usr/bin/python3 -V && \
    echo "Running XML/Text insertion based on MDE environment variables " && \
    /opt/ssa/bin/textinsert-ojdk18.sh && \
    echo "Removing XML/Text insertion run time capability " && \
    rm /opt/ssa/bin/textinsert* && \
    echo "Initializing certs" && \
    update-ca-trust enable && \
    update-ca-trust extract && \
	# Clean Up python Packages 
    microdnf remove -y $( comm -13 /before.txt /after.txt )  &&  \
    rm /before.txt /after.txt && \
    microdnf clean all  &&  \
	rm -f /etc/yum.repos.d/redhat.repo && \
    rm -f /etc/rhsm && \
    rm -f /etc/pki/entitlement 
    

USER 185